Cyber Security Specialist - SIEM Engineering (Hiring Immediately) in Leeds

Location: Leeds (Asda House) / Hybrid (3 days in office)

Department: Technology – Cyber Security

Reports to: SOC and Incident Response Manager

Role Purpose

We are looking for a Cyber Security Specialist – SIEM Engineer to strengthen Asda’s detection and response capabilities. This is a hands-on engineering role, acting as a key enabler for the SOC and Incident Response Team (IRT), ensuring Asda gets maximum value from its investment in Microsoft Sentinel and the wider Defender XDR suite. The role will be responsible for onboarding and tuning log sources, building and optimising detections, and driving continuous improvement in SOC maturity.

Key Responsibilities

• Engineer, configure, and maintain Microsoft Sentinel as Asda’s SIEM, ensuring effective log ingestion, correlation, and alerting alongside existing Security Engineering function.
• Build, tune, and optimise detections, analytic rules, and automation (SOAR) to support SOC monitoring and IRT investigations.
• Integrate and enhance visibility across the Microsoft Defender XDR ecosystem, driving log source value and efficiency (Defender for Endpoint, Identity, Office 365, Cloud Apps, Entra ID).
• Onboard and manage diverse log sources (cloud, endpoint, network, SaaS, third party) to enrich SOC coverage.
• Support SOC analysts and incident responders with deep technical investigations and context enrichment.
• Develop dashboards, workbooks, and metrics to demonstrate SOC effectiveness and identify gaps.
• Partner with Threat Intelligence to translate IOCs/TTPs into actionable detections mapped to MITRE ATT&CK.
• Lead continuous improvement efforts to mature SIEM and SOC capabilities, reducing false positives and increasing detection fidelity.
• Maintain awareness of Microsoft’s evolving security capabilities; recommend and implement enhancements to strengthen resilience.
• Document engineering standards, playbooks, and knowledge articles for ongoing SOC/IRT operations.

Skills & Experience

• Strong hands-on experience with Microsoft Sentinel SIEM — log source integration, KQL queries, analytic rule development, automation.
• Familiarity with the Microsoft Defender XDR suite (Defender for Endpoint, Identity, O365, Cloud Apps).
• Understanding of SOC operations, incident response workflows, and detection engineering principles.
• Proficiency in Kusto Query Language (KQL) for writing detections and reports.
• Knowledge of logging, telemetry, and security data sources across cloud and on-premise environments.
• Experience building and maintaining SOAR playbooks (preferably Microsoft Logic Apps).
• Strong problem-solving and analytical skills; ability to identify gaps and implement solutions.
• Effective communicator; able to translate technical details into value for SOC and business stakeholders.

Desirable:

• Microsoft certifications (e.g., SC-200, SC-300, AZ-500, MS-500).
• Familiarity with automation and scripting (PowerShell, Python).
• Experience with threat hunting, purple teaming, or threat-informed defence.
• Exposure to large-scale retail or enterprise environments.

What Success Looks Like

• Sentinel SIEM is well-engineered, integrated, and delivering high-fidelity detections to SOC.
• SOC analysts and IRT can respond faster and with greater confidence thanks to improved visibility and automation.
• False positives are reduced; alerting is tuned and aligned to real-world threats.
• Coverage across Asda’s critical systems (cloud, endpoint, identity, email, SaaS) is comprehensive and monitored.
• Continuous improvement is evident — SOC maturity increases quarter by quarter.

What You’ll Gain

• Being a key engineer enabling Asda’s frontline cyber defence.
• Hands-on experience with Microsoft’s leading-edge security stack at enterprise scale.
• Opportunity to influence SOC/IRT strategy and tooling improvements.
• A collaborative, values-led culture with career growth opportunities.
• Hybrid working, competitive benefits, and the chance to protect a brand trusted by millions.

Asda Culture: How We Work

• One team: collaboration across SOC, IRT, Threat Intel, Risk, and wider Technology.
• Customer-first: protecting trust is central to everything we do.
• Innovative: continuously improving detections, automation, and resilience.
• Ethical: acting transparently and responsibly in all we deliver.

This role is open to job share / Part-time / Flexible working. Please be advised that this position requires attendance at Asda House in Leeds for a minimum of three days per week.

You will also get an excellent benefits package including:

• Discretionary company bonus
• Company pension up to 7% matched
• Company Car allowance of £5,700
• 15% colleague discount in store and online
• Free access to wellbeing services such as Stream, 24/7 virtual GP, counselling, health and dental cash plans and a 24/7 employee assistance helpline, alongside discounts across a range of services and activities, from airport parking, enhanced to theme parks and cinemas.
• Asda Allies Inclusion Networks – helping colleagues to make sure everybody is included and that our differences are recognised and celebrated
• Excellent parental leave policies, including maternity & adoption leave, paternity leave, shared parental leave, neonatal care leave, and support for those doing fertility treatments.

We want all colleagues to be able to bring their best and true selves to work, every day. Simply put, we want our colleagues to be Proud to be Asda and proud to be themselves.